Before You Install

Note: A basic understanding of Linux is assumed throughout the installation, upgrade, and removal processes.

Understand Tenable Security Center and Tenable Security Center Director Licenses

Confirm your licenses are valid for your Tenable Security Center Director deployment. Tenable Security Center Director does not support an unlicensed demo mode.

For more information, see License Requirements.

Plan Your Tenable Security Center Director Deployment Version

You must run the same version of Tenable Security Center on your entire Tenable Security Center Director deployment, including Tenable Security Center Director and all managed Tenable Security Center instances that you connect to Tenable Security Center Director. Tenable Security Center Director cannot communicate with managed Tenable Security Center instances that are running a different version of Tenable Security Center.

If you have already installed and configured the Tenable Security Center instances you plan to manage with Tenable Security Center Director, do one of the following:

  • Download and install the same version of Tenable Security Center Director that you are already running on your Tenable Security Center instances.

  • Plan to upgrade your managed Tenable Security Center instances to the same version as your Tenable Security Center Director.

For more information about managing Tenable Security Center instances with Tenable Security Center Director, see Tenable Security Center Director Deployments.

Disable Default Web Servers

Tenable Security Center Director provides its own Apache web server listening on port 443. If the installation target already has another web server or other service listening on port 443, you must disable that service on that port or configure Tenable Security Center Director to use a different port after installation.

Identify which services, if any, are listening on port 443 by running the following command:

# ss -pan | grep ':443 '

If there are any services listening on port 443, you must either disable or run them on a different port.

Modify Security Settings

Tenable Security Center Director supports disabled, permissive, and enforcing mode Security-Enhanced Linux (SELinux) policy configurations. For more information, see SELinux Requirements.

Perform Log File Rotation

The installation does not include a log rotate utility; however, the native Linux logrotate tool is supported post-installation. In most Red Hat environments, logrotate is installed by default. The following logs are rotated if the logrotate utility is installed:

  • All files in /opt/sc/support/logs matching *log

  • /opt/sc/admin/logs/sc-error.log

During an install/upgrade, the installer drops a file named SecurityCenter into /etc/logrotate.d/ that contains log rotate rules for the files mentioned above.

Log files are rotated on a monthly basis. This file is owned by root/root.

Allow Tenable Sites

To allow Tenable Security Center Director to communicate with Tenable servers for product updates and plugin updates, Tenable recommends adding Tenable sites to an allow list at the perimeter firewall. For more information, see the knowledge base article.

Connect a PostgreSQL server

You must configure an external PostgreSQL database if your Tenable Security Center Director installation meets any of the following criteria:

  • Your Tenable Security Center Director instance has over 100,000 assets.

  • Your Tenable Security Center Director instance is a non-rpm installation.

  • You want to use the Vulnerability Intelligence and global search features introduced in Tenable Security Center Director 6.5.0.

Before you install or upgrade Tenable Security Center Director, you must configure some environment variables to connect the PostgreSQL server. For more information, see Connect an External PostgreSQL Server.